Answered step by step
Verified Expert Solution
Question
1 Approved Answer
duction You work for a small firm that specializes in infrastructure security assurance. You have just received notice of an opportunity to compete for a
duction You work for a small firm that specializes in infrastructure security assurance. You have just received notice of an opportunity to compete for a small security assessment and remediation contract to be let by the South by Southwest Consolidated School District (SSCSD). The school district operates the Palo Duro Adult Education Center (PDAEC). This center provides short courses on a range of practical topics of interest to the local community. The school district has requested a proposal from your firm and others to perform a security assessment of the information systems network operated and maintained by the PDAEC by assessing the current security environment, proposing security improvements, implementing approved security remediation, and then passing an inspection of the remediation. This document constitutes the formal "Request for Proposal." Client Background Your prospective client, the PDAEC is located in the Texas Hill Country. The PDAEC operates and maintains an information systems network that includes an internet accessible web site, central file serving and email in a domain based network. Since the PDAEC must also manage registration and fiscal operations, the network is equipped with a centralized application that provides for management of accounts receivable, finance and payroll, and student registration and scheduling. The infrastructure hardware consists of 20 workstations for faculty and administrative staff, 20 workstations in a computer classroom, cabling, a switch and a router/firewall combo that provides always-on internet connectivity for multiple internet hosts. The border routers also double as wireless access points. The goal of the PDAEC is to provide opportunities for life-long education and to improve the quality of life in the local community. Statement of Work 1.0 Project Management The contractor shall initiate, plan, execute, monitor, control and close a formal project to perform a security assessment and remediation of the PDAEC information system network. The contractor shall perform on-going project management activities to include the conduct of regular team meetings and status briefings. The contractor shall provide monthly project performance reports that address cost, schedule and technical performance. 2.0 Baseline the Current Operating Environment The contractor shall baseline the current operating environment to determine the current access patterns, system performance, hardware configurations, services, installed applications and user behaviors. The contractor shall analyze the results of the baseline analysis to identify the operational and maintenance security needs of the system. The contractor shall document and deliver the baseline information and resultant analysis in a formal baseline assessment report to be used to troubleshoot the system and establish a disaster recovery path to ensure system availability. 3.0 Audit and Assess the Network. The contractor shall plan and execute security audits of the operational environment against the previously established baseline. The contractor shall rely upon both manual tasks and automated tools to execute the audits. The contractor shall assess the results of the audit in terms of technical configuration and business needs. 4.0 Design Security Improvements (Remediation) The contractor shall perform a risk analysis to weigh trade-offs between security and business needs. The contractor shall compile a complete list of the potential vulnerabilities identified through the audits and assessments. Based upon the risk analysis, the contractor shall develop a remediation proposal that recommends which vulnerabilities should be remediated. The remediation proposal should prioritize the top ten recommendations. The contractor will submit the remediation proposal for evolution by PDAEC. 5.0 Secure the Environment Through Implementing the Remediation Proposed Plan Following approval of the remediation proposal by PDAEC, the contractor shall implement the approved remediation proposed. The remediation effort shall include technical changes to the environment as well as policies or procedures that govern the management and use of all IT resources. 6.0 Inspection and Evaluation of the Remediated System The contractor shall host a comprehensive security inspection by PDAEC (or their representative) to evaluate the results of the remediation effort to ensure the configuration and policy changes implemented actually remediate the assessed threats and vulnerabilities while the functional business needs were not adversely impacted by the changes implemented. Any deficiencies identified will be addressed by the contractor. The contractor shall adapt and integrate implemented changes to establish standards to be used throughout SSCSD. The contractor shall prepare and deliver a system evaluation report to document the results obtained through the remediation effort. The project must be scheduled to start January 1, 2023. And the Network Assessment and Remediation must be finished by June 30, 2023. Exercise 3 (Module 3) - Project Life Cycle Phases ch 3 Your task is to develop a life cycle for this network security assessment and remediation project to be performed for the PDAEC. Your project life cycle should include 3 to 5 distinct phases. For each phase, you should identify major activity(s) and deliverable(s). You should identify a decision point between each phase and how that the decision to proceed to the next phase transpires in the project (e.g., an approval milestone, or a successful demonstration, or an audit/inspection/test, etc.). For your convenience, a project life cycle template is provided in Appendix A. Limit this assignment to one page maximum. Project Life Cycle Phase Decision To Proceed: Decision To Proceed: Decision To Proceed: Decision To Proceed: Phase: Phase: Phase: Key Activities: Key Activities: Key Activities: Phase: Key Activities: Phase: Key Activities: Major Major Major Major Deliverables: Deliverables: Deliverables: Deliverables: Major Deliverables
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started